lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1287507259.6471.82.camel@mdlinux>
Date: Tue, 19 Oct 2010 12:54:19 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-1006-1] WebKit vulnerabilities

===========================================================
Ubuntu Security Notice USN-1006-1           October 19, 2010
webkit vulnerabilities
https://launchpad.net/bugs/660075
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  libwebkit-1.0-2                 1.2.5-0ubuntu0.9.10.1

Ubuntu 10.04 LTS:
  libwebkit-1.0-2                 1.2.5-0ubuntu0.10.04.1

Ubuntu 10.10:
  libwebkit-1.0-2                 1.2.5-0ubuntu0.10.10.1

After a standard system update you need to restart any applications that
use WebKit, such as Epiphany and Midori, to make all the necessary changes.

Details follow:

A large number of security issues were discovered in the WebKit browser and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of
service attacks, and arbitrary code execution.

Please consult the bug listed at the top of this advisory to get the exact
list of CVE numbers fixed for each release.


Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5-0ubuntu0.9.10.1.diff.gz
      Size/MD5:    28902 3436d9c6218a4cd1a5754b26d0f6e256
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5-0ubuntu0.9.10.1.dsc
      Size/MD5:     2346 9cc885388210502d79ca6655e073f05e
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5.orig.tar.gz
      Size/MD5:  6727977 09f04985665b9abf6f0d9956f86a6a31

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-common_1.2.5-0ubuntu0.9.10.1_all.deb
      Size/MD5:   615320 20d3e7adda2f5fa5a142a4501280a837

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.9.10.1_amd64.deb
      Size/MD5: 139134580 8d73bb5f05a99b76445655c0aff9eb12
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:  5751420 31eda9fa73766cef54571ecab5f2c6e0
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:   118264 4402376e41a392f18ec26b102a27c4aa

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.9.10.1_i386.deb
      Size/MD5: 138270646 ff3700bd6053f18209c8884d0bdc5bc4
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.9.10.1_i386.deb
      Size/MD5:  5140872 73f89219225b633f4a866245712e6837
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.9.10.1_i386.deb
      Size/MD5:   115628 aa55bd17bfd68286f34a8aac9017839d

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.9.10.1_lpia.deb
      Size/MD5: 138495338 f45c9ce9a707fbcf9cf17d3039e9a47f
    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:  5093272 11a6dd088bde3429ed8bd8e4bd0c2610
    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:   115612 d3440a9475264109fe7ee7806ad1659b

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5: 138840804 c0d644f5609bb659e5c934725bfa862d
    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:  5405430 04557727a3bac6037caca9b717b8e218
    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:   115620 916e4e0e1bf105f62c6d3ef2756d1186

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.9.10.1_sparc.deb
      Size/MD5: 137354182 d0fd14e1622fcacfa5f2f97c40bfcacc
    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:  6022530 ccf509a6bc5d3085170c8652323f154a
    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:   115604 279ec84c70acc2f0f6ac757d8ea8314d

Updated packages for Ubuntu 10.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5-0ubuntu0.10.04.1.debian.tar.gz
      Size/MD5:    28130 d8f8ce4ec546bf31939df7fb25f0546e
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5-0ubuntu0.10.04.1.dsc
      Size/MD5:     2489 ce702764983bfa6366cb29288bcd0a34
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5.orig.tar.gz
      Size/MD5:  6727977 09f04985665b9abf6f0d9956f86a6a31

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-common_1.2.5-0ubuntu0.10.04.1_all.deb
      Size/MD5:   615060 54a52de598cc1d98ae81293f561cee31

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.10.04.1_amd64.deb
      Size/MD5: 139191092 505abba3026374772b005f66c5aa39b4
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:  5759808 fe280b0b0c1cfae2ec2f1c42438f6c02
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:   125090 add586dd4e7116a3c839d3aff41992c0
    http://security.ubuntu.com/ubuntu/pool/universe/w/webkit/gir1.0-webkit-1.0_1.2.5-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:    32002 68cb1c3e0122056767f3c8379bc466e9

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.10.04.1_i386.deb
      Size/MD5: 138266662 9cbe221be706e0a8cfca8bb5f26e7b10
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.10.04.1_i386.deb
      Size/MD5:  5143424 7a0471d9588efe065b08e3fb1b8fe4e9
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.10.04.1_i386.deb
      Size/MD5:   125092 81aea704572d2052b0764962e82de16a
    http://security.ubuntu.com/ubuntu/pool/universe/w/webkit/gir1.0-webkit-1.0_1.2.5-0ubuntu0.10.04.1_i386.deb
      Size/MD5:    32000 6bafa9242012aae7a2b89a4ceda5e57b

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5: 138806090 872af69f2a732bfbef0493f2a47ffa2f
    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:  5402940 c77160e966129af9d018e856af48b72f
    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:   125086 9fd9e5e5436c39aeecbeb21ee5f84f8b
    http://ports.ubuntu.com/pool/universe/w/webkit/gir1.0-webkit-1.0_1.2.5-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:    32396 3a217f8e2d292dc99d011474f3f1d4af

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.10.04.1_sparc.deb
      Size/MD5: 136606856 c78a87af6d3cbf0ce134155674cbd6c2
    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:  5158466 c3d03dcf298065146ff55bb036646638
    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:   125078 5cf9023f9a176b63372eeaa458c00b19
    http://ports.ubuntu.com/pool/universe/w/webkit/gir1.0-webkit-1.0_1.2.5-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:    32388 5e7796c459061e2effa909b33037f33b

Updated packages for Ubuntu 10.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5-0ubuntu0.10.10.1.debian.tar.gz
      Size/MD5:    28946 696566138ed976047955dad9c51532de
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5-0ubuntu0.10.10.1.dsc
      Size/MD5:     2458 6c54ab417c58ea8fc7aeb4e023056ec1
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.2.5.orig.tar.gz
      Size/MD5:  6727977 09f04985665b9abf6f0d9956f86a6a31

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-common_1.2.5-0ubuntu0.10.10.1_all.deb
      Size/MD5:   696876 425ce7560407344b9a0bc967ca8859a4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.10.10.1_amd64.deb
      Size/MD5: 139228160 62a0a9f279f2e4086e2605cf00dcaf99
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.10.10.1_amd64.deb
      Size/MD5:  5759738 754ae8a24c22a6deb0d9093c6c3269ef
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.10.10.1_amd64.deb
      Size/MD5:   128206 ae712ec8851f357c54d28660d4b6e254
    http://security.ubuntu.com/ubuntu/pool/universe/w/webkit/gir1.0-webkit-1.0_1.2.5-0ubuntu0.10.10.1_amd64.deb
      Size/MD5:    31662 4b4d0aebf0aa3b908b258581e6ab84be

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.10.10.1_i386.deb
      Size/MD5: 138310558 186bca6b898b28bd118560dd74fd62b2
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.10.10.1_i386.deb
      Size/MD5:  5132134 804908022424e58a8dd07b1fdee9e3f6
    http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.10.10.1_i386.deb
      Size/MD5:   129146 6fa207cdf44a3e94dbe1bb2101e86803
    http://security.ubuntu.com/ubuntu/pool/universe/w/webkit/gir1.0-webkit-1.0_1.2.5-0ubuntu0.10.10.1_i386.deb
      Size/MD5:    31788 f3076772e02b02a46c84de4ad460fb30

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2-dbg_1.2.5-0ubuntu0.10.10.1_powerpc.deb
      Size/MD5: 138818056 19a3a011964bd3931efb6acdc30f8a8e
    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-2_1.2.5-0ubuntu0.10.10.1_powerpc.deb
      Size/MD5:  5395890 2d56bd9385a163c2d02acaaa5ec069da
    http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-dev_1.2.5-0ubuntu0.10.10.1_powerpc.deb
      Size/MD5:   124992 d7efe40fbab12557876cfb7c689f91ae
    http://ports.ubuntu.com/pool/universe/w/webkit/gir1.0-webkit-1.0_1.2.5-0ubuntu0.10.10.1_powerpc.deb
      Size/MD5:    32030 b8baf77562a66d7f2d9a5fdb40f59489




Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ